A feature is available for Windows Server 2008 that lets you synchronize the DSRM Administrator password with a domain user account

INTRODUCTION

On a Windows-based domain controller, you may want to synchronize the Directory Service Restore Mode (DSRM) Administrator password with a domain user account. In Windows Server 2003, you cannot do this. For Windows Server 2008, a feature is available that lets you synchronize the DSRM Administrator password with a domain user account.

More Information

Update information

The following files are available for download from the Microsoft Download Center:

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Feature information

A supported feature that modifies the product's default behavior is now available from Microsoft. However, it is intended to modify only the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next software update that contains this feature.

To obtain this feature immediately, contact Microsoft Customer Support Services. For a complete list of Microsoft Customer Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

Prerequisites

To apply this feature, you must be running Windows Server 2008 on the computer.

Restart requirement

You must restart the computer after you apply this feature.

Feature replacement information

This feature does not replace any other updates.

How to synchronize the DSRM Administrator password on a Windows Server 2008-based domain controller with the password of a domain user account

After you apply this feature, you can synchronize the DSRM Administrator password on a Windows Server 2008-based domain controller with the password of a domain user account. To do this, run the following command on the Windows Server 2008-based domain controller:

Note In this command, <AccountName> is a placeholder for the name of the domain user account that you want to use.

This command synchronizes the DSRM Administrator password one time. If you want to perform another synchronization, you must run this command again.

File information

The English version of this feature has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Server 2008 notes

The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.